
What are the "s" and "t" bits? The vector of permission bits is really 4 * 3 bits long. Yes, there are 12 permission bits, not just 9. The first three bits are special and are frequently zero. You almost always learn about the trailing 9 bits first, and some people stop there and never learn those first three bits.

The fourth permission field (the leading octal digit) is used only when a special mode of a file needs to be set. It has the value 4 for SUID, 2 for SGID and 1 for the sticky bit. The other 3 digits have their usual significance.
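As an added example (not from the original post), the shell functions below turn an octal mode into the nine-character string that ls -l prints, showing how the leading digit's 4/2/1 values surface as s, S, t or T in the execute slots. The function names triplet and mode_to_string are made up for this illustration.

```shell
#!/bin/sh
# Added illustration: print the 9-character permission string that ls -l
# shows for a 3- or 4-digit octal mode. Function names are hypothetical.

# triplet DIGIT SPECIAL CHAR: one rwx group; SPECIAL != 0 means the
# matching special bit is set and CHAR (s or t) takes over the x slot.
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then
        if [ "$2" -ne 0 ]; then x=$3; else x=x; fi
    elif [ "$2" -ne 0 ]; then
        # special bit without execute permission is shown in upper case
        x=$(printf '%s' "$3" | tr 'st' 'ST')
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

mode_to_string() {
    case $1 in
        ''|*[!0-7]*) echo "not an octal mode: $1" >&2; return 1 ;;
    esac
    case ${#1} in
        3) m=0$1 ;;          # no leading digit: special bits are all zero
        4) m=$1 ;;
        *) echo "expected 3 or 4 octal digits: $1" >&2; return 1 ;;
    esac
    special=${m%???}; rest=${m#?}
    u=${rest%??};     rest=${rest#?}
    g=${rest%?};      o=${rest#?}
    triplet "$u" $(( $special & 4 )) s   # SUID (4) sits in the owner's x slot
    triplet "$g" $(( $special & 2 )) s   # SGID (2) sits in the group's x slot
    triplet "$o" $(( $special & 1 )) t   # sticky (1) sits in the others' x slot
    echo
}

# Constructed sample modes, including the 4755 and /tmp cases from the text
for m in 755 4755 2755 1777 4644; do
    printf '%4s  %s\n' "$m" "$(mode_to_string "$m")"
done
```

An upper-case S or T in a listing means the special bit is set on a file or directory that lacks the matching execute bit.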

Here we will discuss the 3 special attributes other than the common read/write/execute:

1. Set-User-Id (SUID)
2. Set-Group-Id (SGID)
3. Sticky Bit

Set-User-Id (SUID): Power for a Moment:

By default, when a user executes a file, the process which results in this execution has the same permissions as those of the user. In fact, the process inherits his default group and user identification.

If you set the SUID attribute on an executable file, the process resulting in its execution doesn't use the user's identification but the user identification of the file owner.

The SUID mechanism, invented by Dennis Ritchie, is a potential security hazard. It lets a user acquire hidden powers by running such a file owned by root.

The listing shows that passwd is readable by all, but shadow is unreadable by group and others. When a user running a program belongs to one of these two categories (probably others), access fails in the read test on shadow. Suppose a normal user wants to change his password. How can he do that? He can do it by running /usr/bin/passwd. Many UNIX/Linux programs have a special permission mode that lets users update sensitive system files, like /etc/shadow, something they can't do directly with an editor. This is true of the passwd program.

The s letter in the user category of the permission field represents a special mode known as the set-user-id (SUID). This mode lets a process have the privileges of the owner of the file during the instance of the program. Thus when a non-privileged user executes passwd, the effective UID of the process is not the user's but root's, the owner of the program. This SUID privilege is then used by passwd to edit /etc/shadow.

What is effective user-id:

Every process really has two user IDs: the effective user ID and the real user ID. (Of course, there's also an effective group ID and real group ID. Just about everything that's true about user IDs is also true about group IDs.) Most of the time, the kernel checks only the effective user ID. For example, if a process tries to open a file, the kernel checks the effective user ID when deciding whether to let the process access the file.

Save the following script under the name reids.pl and make it executable (chmod 755 reids.pl).

Note: For security reasons the s-bit works only when used on binaries (compiled code) and not on scripts (Perl scripts are an exception). Scripts, i.e. programs that cannot be executed by the kernel directly but need an interpreter such as the Bourne shell or Java, can have their setuid bit set, but it doesn't have any effect. There are some platforms that honor the s bits even on scripts (some System V variants, for example), but most systems don't because it has proven such a security headache: most interpreters simply aren't written with much security in mind. Setting the SUID bit on a shell script is useless, which is why I am using a Perl script here.

When you run the script you will see that the process that runs it gets your user-ID and your group-ID:

As you observed, the output of the program depends only on the user that runs it and not on the one who owns the file.

How to assign SUID permission:

The SUID for any file can be set (mostly by the superuser) with a special syntax of the chmod command. This syntax uses the character s as the permission. Now add SUID permission to the script reids.pl:

# chmod u+s /home/venu/reids.pl (Do it from root account)

Now return from the super user mode to the usual non privileged mode.

$ ls -l reids.pl
-rwsr-xr-x 1 king venu 203 Mar 24 10:40 reids.pl

To assign SUID in an absolute manner, simply prefix 4 to whatever octal string you would otherwise use (like 4755 instead of 755).

The file reids.pl is owned by king and has the s-bit set where normally the x is for the owner of the file. This causes the file to be executed under the user-ID of the user that owns the file rather than the user that executes the file. If venu runs the program then this looks as follows:

The effective user ID of the process is 503. This is not venu's but king's, the owner of the program. As you can see, this is a very powerful feature, especially if root owns the file with the s-bit set. Any user can then do things that normally only root can do.

Caution: When you write a SUID program you must make sure that it can only be used for the purpose that you intended it to be used. As administrator, you must keep track of all SUID programs owned by root that a user may try to create or copy. The find command easily locates them:

# find /home -perm -4000 -print | mail root

The extra octal digit (4) signifies the SUID mode, and find treats the "-" before 4000 as meaning that any other permission bits may also be set.
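An added example, not part of the original post: a fuller version of the find audit above that also covers SGID, prints each file's numeric owner UID, and flags files that group or others can write to. The function name audit_special and its output format are assumptions of this example.

```shell
#!/bin/sh
# Added illustration: list SUID/SGID regular files under a tree.
# audit_special is a hypothetical name; the output format is this example's own:
#   KIND uid=OWNER NOTE PATH
# Paths containing newlines are not handled.
audit_special() {
    # -perm -4000 / -2000: the bit is set, whatever the other bits are
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        kind=
        if [ -u "$f" ]; then kind=SUID; fi
        if [ -g "$f" ]; then kind=${kind:+$kind+}SGID; fi
        owner=$(ls -ldn "$f" | awk '{print $3}')   # numeric owner UID
        note=ok
        # Writable by group or others: a misconfiguration worth reviewing
        # on any file that runs with its owner's or group's identity.
        if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            note=WRITABLE
        fi
        printf '%s uid=%s %s %s\n' "$kind" "$owner" "$note" "$f"
    done
}

# Run against the directory given on the command line, e.g. /home
if [ $# -gt 0 ]; then
    audit_special "$1"
fi
```

Lines with uid=0 are the root-owned SUID programs the caution above asks the administrator to keep track of.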

Set-Group-Id (SGID):

The set-group-id (SGID) is similar to SUID except that a program with SGID set allows the user to have the same power as the group which owns the program. The SGID bit is 2, and some typical examples could be chmod g+s reids.pl or chmod 2755 reids.pl. You can remove the SGID bit using the following commands:

$ chmod g-s reids.pl
$ chmod 755 reids.pl (Absolute manner)

It is really useful in case you have a real multi-user setup where users access each other's files. As a single home user I haven't really found a lot of use for SGID. But the basic concept is the same as the SUID. Similar to SUID, SGID also grants privileges and access rights to the process running the command, but instead of receiving those of the file's owner it receives those of the file's group. In other words, the process group owner will be set to the file's group.

I explain it with an example. I have created two user accounts king and venu with the same home directory project. king belongs to the king and development groups, venu belongs to the venu and development groups.

# groups king venu
king : king development
venu : venu development

venu's default group is venu and king's default group is king.

Log in as king, create the reids.pl file again and make it executable (using chmod 755 reids.pl).

The real GID and effective GID are different; here the effective GID is king's, the owner of the program.

Set SGID on a directory:

When SGID is set on a directory it has a special meaning. Files created in a directory with SGID set will inherit the same group ownership as the directory itself, not the group of the user who created the file. If the SGID is not set, the file's group ownership corresponds to the user's default group.

In order to set the SGID on a directory or to remove it, use the following commands:

You can see from the ls output that the group owner for project is development, and that the SGID bit has not been set on the directory yet. When king creates a file in project, the group for the file is king (king's primary gid).

Set the SGID bit on the project directory. For that, log in as administrator and set the SGID bit using the following command:

Notice the group ownership for the temp2 file. It inherits group permission from the parent directory.

Enabling SGID on a directory is extremely useful when you have a group of users with different primary groups working on the same set of files.
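The SGID directory behaviour described in this section, as an added example that is not part of the original post: it marks a directory SGID, then creates a file and a subdirectory inside it and reports which group each one received. The function names are hypothetical, and the optional group argument assumes the caller is a member of that group (or root).

```shell
#!/bin/sh
# Added illustration: SGID on a directory. Function names are hypothetical.

# share_dir DIR [GROUP]: create DIR, optionally hand it to GROUP, set SGID.
share_dir() {
    dir=$1 group=${2:-}
    mkdir -p "$dir" || return 1
    if [ -n "$group" ]; then chgrp "$group" "$dir" || return 1; fi
    chmod 2775 "$dir" || return 1     # drwxrwsr-x: SGID plus group write
    # To undo, use: chmod g-s DIR. GNU chmod keeps a directory's SGID bit
    # when given a plain numeric mode such as 775.
}

# gid_of PATH: numeric group ID, taken from the 4th column of ls -n
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# inherit_report DIR: create a file and a subdirectory, report what they got.
# On Linux a new subdirectory also receives the SGID bit itself, so the
# behaviour carries down the tree.
inherit_report() {
    dir=$1
    : > "$dir/probe.txt"
    mkdir -p "$dir/probe.d"
    printf 'dir gid=%s file gid=%s subdir gid=%s subdir-sgid=%s\n' \
        "$(gid_of "$dir")" "$(gid_of "$dir/probe.txt")" \
        "$(gid_of "$dir/probe.d")" \
        "$(if [ -g "$dir/probe.d" ]; then echo yes; else echo no; fi)"
}

# Example call: sh thisfile ./project development
if [ $# -gt 0 ]; then
    share_dir "$@" && inherit_report "$1"
fi
```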

For system security reasons, it is not a good idea to set programs' set-user-ID or set-group-ID bits any more than necessary, since this can give an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.

Sticky bit:

The sticky bit (also called the saved text bit) is the last permission bit remaining to be discussed. It applies to both regular files and directories. When applied to a regular file, it ensures that the text image of a program with the bit set is permanently kept in the swap area so that it can be reloaded quickly when the program's turn to use the CPU arrives. Previously, it made sense to have this bit set for programs like vi and emacs. Today, machines with ultra-fast disk drives and lots of cheap memory don't need this bit for ordinary files, where it is now useless.

However, the sticky bit becomes a useful security feature when used with a directory. The UNIX/Linux system allows users to create files in /tmp, but no one can delete files that he does not own. That's possible because the sticky bit is set for the /tmp directory.

The /tmp directory is typically world-writable and looks like this in a listing:

# ls -ld /tmp
drwxrwxrwt 32 root root 36864 Mar 27 12:38 /tmp

Everyone can read, write and access the directory. The t indicates that only the user that created a file in this directory (and, of course, root and the owner of the directory) can delete that file.

In order to set or to remove the sticky bit, use the following commands:

Following the example above, what is the purpose of assigning GID to reids.pl under king account, when permissions for others are the same as for the file owner's group? I mean, if you run the reids.pl under venu without the GID set, you will have the same permissions as when inheriting them from group's permissions, when the GID is set, don't you? Please correct me if I'm wrong. Thx.

This is really an amazing article. I have been struggling with this concept, but after reading this post I have gained a lot of knowledge. You have indeed covered the topic well and with examples. Great job and keep it up.

Hello there, I am trying to execute this script but I don't know if I am doing something wrong, because my effective UID is always from the user that executes the script and not the UID from the owner... See below... Can someone give me a tip about where my mistake is?

A debt of gratitude is in order for posting this information. I simply need to tell you that I simply look at your site and I discover it exceptionally fascinating and useful. I can hardly wait to peruse loads of your posts.